Password Policy Max Login Attempts too wide

Impact area

Security

Severity

Medium

Affected element

Profile

Org Config

Rule ID

SF-0111

Impact

Allowing too many failed login attempts can open you up to brute force attacks.

Remediation

Limit the number of login failures allowed for a user before the user is locked out.

Time to fix

30 min

References

This rule is linked to Common Weakness Enumeration CWE-521 Weak Password Requirements.




Last modified on Oct 13, 2020